smtp parser support

src/Makefile.am

@@ -246,6 +246,7 @@ app-layer-dcerpc-udp.c app-layer-dcerpc-udp.h \
 app-layer-ftp.c app-layer-ftp.h \
 app-layer-ssl.c app-layer-ssl.h \
 app-layer-ssh.c app-layer-ssh.h \
+app-layer-smtp.c app-layer-smtp.h \
 defrag.c defrag.h \
 output.c output.h \
 win32-misc.c win32-misc.h \

src/app-layer-parser.c

@@ -50,6 +50,7 @@
 #include "app-layer-ftp.h"
 #include "app-layer-ssl.h"
 #include "app-layer-ssh.h"
+#include "app-layer-smtp.h"
 
 #include "util-spm.h"
 
@@ -1203,17 +1204,12 @@ void RegisterAppLayerParsers(void)
     RegisterDCERPCUDPParsers();
     RegisterFTPParsers();
     RegisterSSHParsers();
+    RegisterSMTPParsers();
 
     /** IMAP */
     AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "|2A 20|OK|20|", 5, 0, STREAM_TOCLIENT);
     AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_IMAP, "1|20|capability", 12, 0, STREAM_TOSERVER);
 
-    /** SMTP */
-    AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "EHLO ", 5, 0, STREAM_TOCLIENT);
-    AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "HELO ", 5, 0, STREAM_TOCLIENT);
-    AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "ESMTP ", 64, 4, STREAM_TOSERVER);
-    AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_SMTP, "SMTP ", 64, 4, STREAM_TOSERVER);
-
     /** MSN Messenger */
     AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOCLIENT);
     AlpProtoAdd(&alp_proto_ctx, IPPROTO_TCP, ALPROTO_MSN, "MSNP", 10, 6, STREAM_TOSERVER);

src/app-layer-smtp.h

@@ -0,0 +1,65 @@
+/* Copyright (C) 2007-2010 Open Information Security Foundation
+ *
+ * You can copy, redistribute or modify this Program under the terms of
+ * the GNU General Public License version 2 as published by the Free
+ * Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * version 2 along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ */
+
+/**
+ * \file
+ *
+ * \author Anoop Saldanha <poonaatsoc@gmail.com>
+ */
+
+#ifndef __APP_LAYER_SMTP_H__
+#define __APP_LAYER_SMTP_H__
+
+typedef struct SMTPState_ {
+    /* current input that is being parsed */
+    uint8_t *input;
+    uint32_t input_len;
+
+    /* --parser details-- */
+    /* current line extracted by the parser from the call to SMTPGetline() */
+    uint8_t *current_line;
+    /* length of the line in current_line.  Doesn't include the delimiter */
+    uint32_t current_line_len;
+    /* used to indicate if the current_line buffer is a malloced buffer.  We
+     * use a malloced buffer, if a line is fragmented */
+    uint8_t current_line_buffer_dynamic;
+    /* we have see LF for the currently parsed line */
+    uint8_t current_line_lf_seen;
+    /* var to indicate parser state */
+    uint8_t parser_state;
+    /* current command in progress */
+    uint8_t current_command;
+
+    /* the request commands are store here and the reply handler uses these
+     * stored command in the buffer to match the reply(ies) with the command */
+    /* the command buffer */
+    uint8_t *cmds;
+    /* the buffer length */
+    uint8_t cmds_buffer_len;
+    /* no of commands stored in the above buffer */
+    uint8_t cmds_cnt;
+    /* index of the command in the buffer, currently in inspection by reply
+     * handler */
+    uint8_t cmds_idx;
+    /* padding - you can replace this if you want to. */
+    uint8_t pad;
+} SMTPState;
+
+void RegisterSMTPParsers(void);
+void SMTPParserRegisterTests(void);
+
+#endif /* __APP_LAYER_SMTP_H__ */

src/suricata.c

@@ -118,6 +118,7 @@
 #include "app-layer-ftp.h"
 #include "app-layer-ssl.h"
 #include "app-layer-ssh.h"
+#include "app-layer-smtp.h"
 
 #include "util-radix-tree.h"
 #include "util-host-os-info.h"
@@ -1234,6 +1235,7 @@ int main(int argc, char **argv)
         DetectEngineHttpRawUriRegisterTests();
         DetectEngineRegisterTests();
         SCLogRegisterTests();
+        SMTPParserRegisterTests();
         if (list_unittests) {
             UtListTests(regex_arg);
         }